Amendments to the Claims



Claim 1 (currently amended): A computer program product embodied on computer readable media readable by a computing system in a computing environment, for enforcing security policy using style sheet processing, comprising:

computer-readable program code means for obtaining an input document;

computer-readable program code means for obtaining a Document Type Definition (DTD) that defines elements of said input document, wherein: (1) an attribute of at least one element defined in said DTD has been augmented with one or more references to one of a plurality of stored policy enforcement objects; (2) more than one of said references may reference a single stored policy enforcement object; and (3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element or elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;

computer-readable program code means for applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and

computer-readable program code means for creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables a key recovery agent to decrypt each of said encrypted elements, wherein key distribution material associated with said output document is used as input to said decryption.

Claim 2 (currently amended): The computer program product according to Claim 1, further comprising computer-readable program code means for rendering said output document on a client device.

Claim 3 (currently amended): The computer program product according to Claim 1, wherein said markup notation in said interim transient document comprises one or more encryption tags of a markup language.
Claim 4 (original): The computer program product according to Claim 1, wherein said input document is specified in an Extensible Markup Language (XML) notation.

Claim 5 (currently amended): The computer program product according to Claim 4, wherein said output document is specified in said XML notation.

Claim 6 (currently amended): The computer program product according to Claim 1, wherein said stored policy enforcement objects further comprise computer-readable program code means for overriding a method for evaluating said elements of said input document, and wherein said computer-readable program code means for applying said one or more style sheets further comprises computer-readable program code means for invoking said computer-readable program code means for overriding, thereby causing said markup notation to be added.

Claim 7 (original): The computer program product according to Claim 6, wherein said style sheets are specified in an Extensible Stylesheet Language (XSL) notation.

Claim 8 (original): The computer program product according to Claim 7, wherein said method is a value-of method of said XSL notation, and wherein said computer-readable program code means for overriding said value-of method is by subclassing said value-of method.
Claim 9 (currently amended): The computer program product according to Claim 6, wherein:

said overriding method comprises:

computer-readable program code means for generating said markup notation as encryption tags; and

computer-readable program code means for inserting said generated encryption tags into said interim transient document to surround elements of said interim transient document for which said visibility policy of said elements in said input document have said non-null encryption requirement; and

said computer-readable program code means for creating said output document encrypts those elements surrounded by said inserted encryption tags.
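The style-sheet step of Claims 1 and 6 to 9, with the two tag placements of Claim 21, worked through in Python as an added example. This is not the application's own code: it uses an ElementTree walk where the claims override the XSL value-of method (Python's standard library has no XSLT processor), and the element names, the `policy` attribute, the policy object names and the `encrypt` tag are all constructed for the example.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, Optional
from xml.parsers import expat


@dataclass(frozen=True)
class VisibilityPolicy:
    """One stored policy enforcement object: the community allowed to view the
    element and its encryption requirement (None is the null requirement)."""
    community: str
    encryption_requirement: Optional[str]


# Constructed policy objects; several DTD references may point at one of them.
POLICY_OBJECTS: Dict[str, VisibilityPolicy] = {
    "public": VisibilityPolicy("everyone", None),
    "hr-only": VisibilityPolicy("hr", "AES-128-CBC"),
    "finance-only": VisibilityPolicy("finance", "AES-256-CBC"),
}

# Constructed input document. The internal DTD subset is where the 'policy'
# attribute of each element has been augmented with a policy object reference.
INPUT_DOC = """<?xml version="1.0"?>
<!DOCTYPE employee [
  <!ELEMENT employee (name, salary, ssn, title)>
  <!ELEMENT name (#PCDATA)>
  <!ELEMENT salary (#PCDATA)>
  <!ELEMENT ssn (#PCDATA)>
  <!ELEMENT title (#PCDATA)>
  <!ATTLIST name   policy CDATA #FIXED "public">
  <!ATTLIST salary policy CDATA #FIXED "finance-only">
  <!ATTLIST ssn    policy CDATA #FIXED "hr-only">
  <!ATTLIST title  policy CDATA #FIXED "public">
]>
<employee><name>Ada</name><salary>90000</salary><ssn>123-45-6789</ssn><title>Engineer</title></employee>
"""


def policy_references_from_dtd(doc: str) -> Dict[str, str]:
    """Resolve the DTD's ATTLIST declarations into {element name: policy object name}."""
    refs: Dict[str, str] = {}

    def attlist(elname, attname, atype, default, required):
        if attname == "policy" and default is not None:
            refs[elname] = default

    parser = expat.ParserCreate()
    parser.AttlistDeclHandler = attlist
    parser.Parse(doc, True)
    return refs


def add_encryption_markup(doc: str, wrap_tags: bool = False) -> ET.Element:
    """Stand-in for the overridden XSL value-of method: returns the interim
    transient document, with every element whose policy has a non-null
    encryption requirement surrounded by an <encrypt> tag.  With wrap_tags the
    tag surrounds the element's tags as well as its value (Claim 21)."""
    refs = policy_references_from_dtd(doc)
    root = ET.fromstring(doc)
    for parent in list(root.iter()):
        for idx, child in enumerate(list(parent)):
            policy = POLICY_OBJECTS.get(refs.get(child.tag, ""))
            if policy is None or policy.encryption_requirement is None:
                continue  # null requirement: element stays in the clear
            enc = ET.Element("encrypt", {"community": policy.community,
                                         "algorithm": policy.encryption_requirement})
            if wrap_tags:
                parent.remove(child)
                enc.append(child)
                parent.insert(idx, enc)
            else:
                enc.text, child.text = child.text, None
                child.append(enc)
    return root


if __name__ == "__main__":
    print(ET.tostring(add_encryption_markup(INPUT_DOC), encoding="unicode"))
```

The DTD is read once for its ATTLIST declarations, so elements that share a policy object (name and title both reference public) resolve without copying the policy into the document itself; an element whose policy carries the null encryption requirement is left untouched, which is the distinction Claim 1 draws between elements that receive markup and those that do not.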

Claim 10 (canceled) 

Claim 11 (currently amended): The computer program product according to Claim 1, wherein said encryption requirement further comprises specification of an encryption algorithm to be used when encrypting elements having that visibility policy.

Claim 12 (currently amended): The computer program product according to Claim 1, wherein said encryption requirement further comprises specification of an encryption algorithm strength value to be used when encrypting elements having that visibility policy.
Claim 13 (currently amended): The computer program product according to Claim 1, wherein said computer-readable program code means for creating said output document further comprises:

computer-readable program code means for ensuring that said key recovery agent is a member of each unique one of said communities which is identified by said visibility policy in said stored policy objects for each of said elements of said input document and for which said encryption requirement in said visibility policy has said non-null encryption requirement;

computer-readable program code means for generating a distinct symmetric key for each of said unique communities; and

computer-readable program code means for encrypting said distinct symmetric keys separately for each of said one or more members of each community for which said symmetric key was generated, thereby creating member-specific versions of each of said distinct symmetric keys and thereby ensuring that said key recovery agent can decrypt one of said member-specific versions.
Claim 14 (currently amended): The computer program product according to Claim 13, wherein said computer-readable program code means for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions.

Claim 15 (currently amended): The computer program product according to Claim 1, wherein said encrypted elements in said created output document are encrypted using a cipher block chaining mode encryption process.

Claim 16 (currently amended): The computer program product according to Claim 13, further comprising:

computer-readable program code means for creating a key class for each of said unique communities, wherein said key class is associated with each of said encrypted elements of said output document for which members of this unique community are authorized viewers, and wherein said key class comprises: (1) an encryption algorithm identifier and key length used when encrypting said associated encrypted elements; (2) an identifier of each of said members of said unique community; and (3) one of said member-specific versions of said encrypted symmetric key for each of said identified community members.

Claim 17 (currently amended): The computer program product according to Claim 13, further comprising:

computer-readable program code means for decrypting, for said key recovery agent, all encrypted elements in said output document, further comprising:

computer-readable program code means for decrypting, for each of said communities, said member-specific version of said encrypted symmetric key for which said key recovery agent is one of said authorized community members, thereby creating a decrypted key for each of said communities; and

computer-readable program code means for decrypting each of said encrypted elements in said output document using said decrypted keys.

Claim 18 (currently amended): The computer program product according to Claim 16, wherein said computer-readable program code means for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions, and further comprising:

computer-readable program code means for decrypting, for each of said key classes, said member-specific version of said encrypted symmetric key for which said key recovery agent is one of said authorized community members, using a private key of said key recovery agent, thereby creating a decrypted key; and

computer-readable program code means for decrypting each of said encrypted elements in said output document using said decrypted keys.
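The key-handling side of Claims 13 to 18, as an added example in Python; this is not the application's code. The claims say only that a member's public key is used as input when wrapping the community key and that elements are encrypted with a cipher block chaining process, so the example substitutes a hashed-ElGamal wrap over a toy 127-bit group for the public-key step and a SHA-256 counter-mode keystream for the cipher, both demonstration stand-ins rather than production cryptography. The interim document, the communities, the member names and the name of the key recovery agent are constructed.

```python
import hashlib
import secrets
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed interim transient document: the <encrypt> tags already mark the
# elements to encrypt and name the community whose members may view them.
INTERIM_DOC = ('<employee><name>Ada</name>'
               '<salary><encrypt community="finance">90000</encrypt></salary>'
               '<ssn><encrypt community="hr">123-45-6789</encrypt></ssn>'
               '<bonus><encrypt community="finance">5000</encrypt></bonus>'
               '<title>Engineer</title></employee>')
COMMUNITIES = {"finance": ["cfo", "payroll"], "hr": ["hr-lead"]}  # constructed
RECOVERY_AGENT = "kra"

# Toy public-key wrap (hashed ElGamal over the Mersenne prime 2**127-1), a
# stand-in for the member public keys of Claim 14; far too small for real use.
P = (1 << 127) - 1
G = 3


def keypair() -> Tuple[int, int]:
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def wrap(key: bytes, pub: int) -> Tuple[int, bytes]:
    r = secrets.randbelow(P - 2) + 1
    mask = hashlib.sha256(pow(pub, r, P).to_bytes(16, "big")).digest()
    return pow(G, r, P), bytes(a ^ b for a, b in zip(key, mask))


def unwrap(wrapped: Tuple[int, bytes], priv: int) -> bytes:
    eph, masked = wrapped
    mask = hashlib.sha256(pow(eph, priv, P).to_bytes(16, "big")).digest()
    return bytes(a ^ b for a, b in zip(masked, mask))


def stream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode keystream, standing in for the CBC cipher of
    Claim 15.  The per-element IV matters: one community key encrypts many
    elements, and keystream reuse would XOR their plaintexts together."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + iv + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


@dataclass
class KeyClass:
    """Key distribution material for one community (Claim 16)."""
    community: str
    algorithm: str                         # (1) algorithm identifier ...
    key_bits: int                          #     ... and key length
    members: List[str]                     # (2) identifiers of the members
    wrapped: Dict[str, Tuple[int, bytes]]  # (3) member-specific key versions


def create_output_document(interim: str, communities: Dict[str, List[str]],
                           pubkeys: Dict[str, int], agent: str):
    root = ET.fromstring(interim)
    key_classes: Dict[str, KeyClass] = {}
    keys: Dict[str, bytes] = {}
    for community in {e.get("community") for e in root.iter("encrypt")}:
        members = list(communities[community])
        if agent not in members:          # the recovery agent joins every community
            members.append(agent)
        keys[community] = secrets.token_bytes(32)   # distinct key per community
        key_classes[community] = KeyClass(
            community, "SHA256-CTR-TOY", 256, members,
            {m: wrap(keys[community], pubkeys[m]) for m in members})
    for enc in root.iter("encrypt"):
        iv = secrets.token_bytes(16)
        enc.text = (iv + stream_xor(keys[enc.get("community")], iv, enc.text.encode())).hex()
    return root, key_classes


def decrypt_for(root: ET.Element, key_classes: Dict[str, KeyClass],
                who: str, priv: int) -> Dict[str, str]:
    """Decrypt every element whose key class lists `who`; the recovery agent,
    being a member everywhere, recovers all of them (Claims 17 and 18)."""
    keys = {c: unwrap(kc.wrapped[who], priv)
            for c, kc in key_classes.items() if who in kc.members}
    result: Dict[str, str] = {}
    for parent in root.iter():
        for enc in parent.findall("encrypt"):
            if enc.get("community") in keys:
                blob = bytes.fromhex(enc.text)
                result[parent.tag] = stream_xor(
                    keys[enc.get("community")], blob[:16], blob[16:]).decode()
    return result


def demo() -> Dict[str, object]:
    privs, pubs = {}, {}
    for member in ["cfo", "payroll", "hr-lead", RECOVERY_AGENT]:
        privs[member], pubs[member] = keypair()
    output, key_classes = create_output_document(INTERIM_DOC, COMMUNITIES, pubs, RECOVERY_AGENT)
    return {
        "output": ET.tostring(output, encoding="unicode"),
        "key_classes": key_classes,
        "agent": decrypt_for(output, key_classes, RECOVERY_AGENT, privs[RECOVERY_AGENT]),
        "payroll": decrypt_for(output, key_classes, "payroll", privs["payroll"]),
    }


if __name__ == "__main__":
    print(demo())
```

Two properties of the claims are visible in the result: the recovery agent is added to every community's member list before keys are wrapped, so it holds one unwrappable version of every community key, while an ordinary member such as payroll recovers only the elements of its own community; and one key per community covers several elements, which is why each element carries its own IV.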
Claim 19 (original): The computer program product according to Claim 1, wherein said DTD is replaced by a schema.

Claim 20 (currently amended): The computer program product according to Claim 1, wherein said encryption requirement further comprises specification of an encryption key length.

Claim 21 (original): The computer program product according to Claim 9, wherein said inserted encryption tags may surround either values of said elements or values and tags of said elements.



Claim 22 (currently amended): A system for enforcing security policy using style sheet processing in a computing environment, comprising:

an input document;

a Document Type Definition (DTD) that defines elements of said input document, wherein: (1) an attribute of at least one element defined in said DTD has been augmented with one or more references to one of a plurality of stored policy enforcement objects; (2) more than one of said references may reference a single stored policy enforcement object; and (3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element or elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;

means for applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and

means for creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables a key recovery agent to decrypt each of said encrypted elements, wherein key distribution material associated with said output document is used as input to said decryption.

Claim 23 (currently amended): The system according to Claim 22, further comprising means for rendering said output document on a client device.

Claim 24 (currently amended): The system according to Claim 22, wherein said markup notation in said interim transient document comprises one or more encryption tags of a markup language.

Serial No. 09/422,431 -28- Docket RSW9-99-n3

PAGE 30/62 * RCVD AT 3/23/2004 8:29:03 PM [Eastern Standard Time] * SVR:USPTO-EFXRF-1/0 * DNIS:8729306 * CSID:4073437587



Claim 25 (original): The system according to Claim 22, wherein said input document is specified in an Extensible Markup Language (XML) notation.

Claim 26 (currently amended): The system according to Claim 25, wherein said output document is specified in said XML notation.

Claim 27 (currently amended): The system according to Claim 22, wherein said stored policy enforcement objects further comprise means for overriding a method for evaluating said elements of said input document, and wherein said means for applying said one or more style sheets further comprises means for invoking said means for overriding, thereby causing said markup notation to be added.

Claim 28 (original): The system according to Claim 27, wherein said style sheets are specified in an Extensible Stylesheet Language (XSL) notation.

Claim 29 (original): The system according to Claim 28, wherein said method is a value-of method of said XSL notation, and wherein said means for overriding said value-of method is by subclassing said value-of method.

Claim 30 (currently amended): The system according to Claim 27, wherein:

said overriding method comprises:

means for generating said markup notation as encryption tags; and

means for inserting said generated encryption tags into said interim transient document to surround elements of said interim transient document for which said visibility policy of said elements in said input document have said non-null encryption requirement; and

said means for creating said output document encrypts those elements surrounded by said inserted encryption tags.

Claim 31 (canceled)

Claim 32 (currently amended): The system according to Claim 22, wherein said encryption requirement further comprises specification of an encryption algorithm to be used when encrypting elements having that visibility policy.

Claim 33 (currently amended): The system according to Claim 22, wherein said encryption requirement further comprises specification of an encryption algorithm strength value to be used when encrypting elements having that visibility policy.

Claim 34 (currently amended): The system according to Claim 22, wherein said means for creating said output document further comprises:

means for ensuring that said key recovery agent is a member of each unique one of said communities which is identified by said visibility policy in said stored policy objects for each of said elements of said input document and for which said encryption requirement in said visibility policy has said non-null encryption requirement;

means for generating a distinct symmetric key for each of said unique communities; and

means for encrypting said distinct symmetric keys separately for each of said one or more members of each community for which said symmetric key was generated, thereby creating member-specific versions of each of said distinct symmetric keys and thereby ensuring that said key recovery agent can decrypt one of said member-specific versions.

Claim 35 (currently amended): The system according to Claim 34, wherein said means for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions.
Claim 36 (currently amended): The system according to Claim 22, wherein said encrypted elements in said created output document are encrypted using a cipher block chaining mode encryption process.

Claim 37 (currently amended): The system according to Claim 34, further comprising:

means for creating a key class for each of said unique communities, wherein said key class is associated with each of said encrypted elements of said output document for which members of this unique community are authorized viewers, and wherein said key class comprises: (1) an encryption algorithm identifier and key length used when encrypting said associated encrypted elements; (2) an identifier of each of said members of said unique community; and (3) one of said member-specific versions of said encrypted symmetric key for each of said identified community members.

Claim 38 (currently amended): The system according to Claim 34, further comprising:

means for decrypting, for said key recovery agent, all encrypted elements in said output document, further comprising:

means for decrypting, for each of said communities, said member-specific version of said encrypted symmetric key for which said key recovery agent is one of said authorized community members, thereby creating a decrypted key for each of said communities; and

means for decrypting each of said encrypted elements in said output document using said decrypted keys.

Claim 39 (currently amended): The system according to Claim 37, wherein said means for encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions, and further comprising:

means for decrypting, for each of said key classes, said member-specific version of said encrypted symmetric key for which said key recovery agent is one of said authorized community members, using a private key of said key recovery agent, thereby creating a decrypted key; and

means for decrypting each of said encrypted elements in said output document using said decrypted keys.

Claim 40 (original): The system according to Claim 22, wherein said DTD is replaced by a schema.



Claim 41 (currently amended): The system according to Claim 22, wherein said encryption requirement further comprises specification of an encryption key length.



Claim 42 (original): The system according to Claim 30, wherein said inserted encryption tags may surround either values of said elements or values and tags of said elements.

Claim 43 (currently amended): A method for enforcing security policy using style sheet processing in a computing environment, comprising the steps of:

providing an input document;

providing a Document Type Definition (DTD) that defines elements of said input document, wherein: (1) an attribute of at least one element defined in said DTD has been augmented with one or more references to one of a plurality of stored policy enforcement objects; (2) more than one of said references may reference a single stored policy enforcement object; and (3) each of said stored policy enforcement objects specifies a visibility policy for said referencing element or elements, said visibility policy identifying an encryption requirement for all elements having that visibility policy and a community whose members are authorized to view those elements;

applying one or more style sheets to said input document, thereby adding markup notation to each element of said input document for which said element definition in said DTD references one of said stored policy enforcement objects specifying a visibility policy with a non-null encryption requirement, resulting in creation of an interim transient document that indicates elements of said input document which are to be encrypted; and

creating an output document in which each element of said interim transient document for which markup notation has been added is encrypted in a manner that enables a key recovery agent to decrypt each of said encrypted elements, wherein key distribution material associated with said output document is used as input to said decryption.

Claim 44 (currently amended): The method according to Claim 43, further comprising the step of rendering said output document on a client device.
Claim 45 (currently amended): The method according to Claim 43, wherein said markup notation in said interim transient document comprises one or more encryption tags of a markup language.

Claim 46 (original): The method according to Claim 43, wherein said input document is specified in an Extensible Markup Language (XML) notation.

Claim 47 (currently amended): The method according to Claim 46, wherein said output document is specified in said XML notation.

Claim 48 (currently amended): The method according to Claim 43, wherein said stored policy enforcement objects further comprise executable code for overriding a method for evaluating said elements of said input document, and wherein said applying step further comprises overriding said method for evaluating, thereby causing said markup notation to be added.

Claim 49 (original): The method according to Claim 48, wherein said style sheets are specified in an Extensible Stylesheet Language (XSL) notation.

Claim 50 (original): The method according to Claim 49, wherein said method is a value-of method of said XSL notation, and wherein said step of overriding said value-of method is by subclassing said value-of method.
Claim 51 (currently amended): The method according to Claim 48 or Claim 50, wherein:
said step of overriding further comprises the steps of:

generating said markup notation as encryption tags; and
inserting said generated encryption tags into said interim transient document to surround elements of said interim transient document for which said visibility policy of said elements in said input document have said non-null are determined to require encryption requirement; and

said step of creating said output document further comprises the step of encrypting selected elements encrypts those elements surrounded by said inserted encryption tags.

Claim 52 (canceled) 

Claim 53 (currently amended): The method according to Claim 43, wherein Claim 52, wherein said encryption requirement further comprises specification of an encryption algorithm to be used when encrypting elements having that visibility policy.

Claim 54 (currently amended): The method according to Claim 43, wherein Claim 52, wherein said encryption requirement further comprises specification of an encryption algorithm strength value to be used when encrypting elements having that visibility policy.
Claim 55 (currently amended): The method according to Claim 43, wherein said step of creating said output document further comprises the steps of Claim 52, wherein:

ensuring that said key recovery agent is a member of each unique one of said communities which is identified by said visibility policy in said stored policy objects for each of said elements of said input document and for which said encryption requirement in said visibility policy has said non-null encryption requirement;

generating a distinct symmetric key for each of said unique communities; and
said step of encrypting said distinct symmetric encryption keys separately further comprises the steps of:

encrypting a different version of each of said random encryption keys for each of said one or more members of each of zero or more of said communities community for which said uses said encryption symmetric key was generated, thereby creating member-specific versions of each of said distinct symmetric keys and wherein each of said different versions is encrypted using a public key of said community member for which said different version was encrypted; and

ensuring that said key recovery agent is one of said members of each of said communities, thereby ensuring that said key recovery agent can decrypt one of said member-specific different versions is encrypted using said public key of said key recovery agent.

Claim 56 (currently amended): The method according to Claim 52, wherein said encryption requirement may have a null value to indicate that said specified security policy does not require encryption. Claim 55, wherein said step of encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions.

Claim 57 (currently amended): The method according to Claim 43, wherein said step of encrypting selected encrypted elements in said created output document are encrypted using uses a cipher block chaining mode encryption process.

Claim 58 (currently amended): The method according to Claim 55, further comprising the step of:

creating a key class for each of said unique communities community, wherein said key class is associated with each of said encrypted elements of said output document for which members of this unique community is are authorized viewer viewers, and wherein said key class comprises: (1) a strongest an encryption algorithm identifier and key length used when encrypting requirement of said associated encrypted elements; (2) an identifier of each of said members of said unique community; and (3) one of said member-specific different versions of said encrypted symmetric encryption key for each of said identified community members;

said step of generating said one or more random encryption keys generates a particular one of said random encryption keys for each of said key classes, and wherein each of said different versions in a particular key class is encrypted from said generated encryption key generated for said key class; and

said step of encrypting selected elements uses that one of said particular random encryption keys which was generated for said key class with which said selected element is associated.

Claim 59 (currently amended): The method according to Claim 55, further comprising the step of wherein:

said step of decrypting, for said key recovery agent, all encrypted elements in said requested output document further comprises document, further comprising the steps of:

decrypting, for each of said communities, said different member-specific version of said random encryption encrypted symmetric key which was encrypted using said public key of said key recovery agent is one of said authorized community members, wherein said step of decrypting uses a private key of said key recovery agent, thereby creating a decrypted key for each of said communities; and

decrypting each of said encrypted elements in said requested output document using said decrypted key; and

said step of rendering further comprises the step of:

rendering said decrypted elements and said other unencrypted elements.

Claim 60 (currently amended): The method according to Claim 58, wherein said step of encrypting each of said distinct symmetric keys separately for each of said members uses a public key of said community member as input when creating each of said member-specific versions and further comprising the step of:

said step of decrypting said requested output document further comprises the steps of:

decrypting, for each of said key classes, said different member-specific version of said random encryption encrypted symmetric key for which said key recovery agent is one of said authorized community members using key in said key class which was encrypted using said public key of said key recovery agent, wherein said step of decrypting uses a private key of said key recovery agent which is associated with said public key which was used for encryption, thereby creating a decrypted key; and

decrypting each of said encrypted elements in said requested output document using said decrypted keys; and

said step of rendering further comprises the step of:
rendering said decrypted elements and said other unencrypted elements.
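Claims 55 through 60 together describe one procedure: a distinct symmetric key per community, a member-specific version of that key encrypted under each member's public key, a key class per community carrying the algorithm identifier, key length, member identifiers and wrapped keys (Claim 58), elements encrypted in cipher block chaining mode (Claim 57), and a key recovery agent who must belong to every community so that it can unwrap each key and decrypt every element (Claims 55 and 59). The Go program below is an added illustration of that procedure written for this page; it is not code from the patent or its applicant. The names Element, KeyClass, CreateOutput and RecoverAll, the choice of AES-256 in CBC mode with PKCS#7 padding and RSA-OAEP for the member-specific key versions, and the use of the community name as the OAEP label are this example's own assumptions; the claims fix only the CBC mode and leave the algorithm and key length to the encryption requirement.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Element is one document element; an empty Community is the null encryption requirement
// (value left in the clear), otherwise it names the community of the element's visibility policy.
type Element struct {
	Name, Community string
	Value           []byte
}

// KeyClass follows Claim 58: per community, an algorithm identifier and key length, plus one
// member-specific version of the community's symmetric key, keyed by member identifier.
type KeyClass struct {
	Community, Algorithm string
	KeyBits              int
	Wrapped              map[string][]byte // member -> key wrapped under that member's public key
}

// cbcEncrypt is AES in cipher block chaining mode (Claim 57) with PKCS#7 padding; random IV prepended.
func cbcEncrypt(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	pad := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { return nil, err }
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// cbcDecrypt reverses cbcEncrypt and rejects a wrong key size, malformed ciphertext or bad padding.
func cbcDecrypt(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 { return nil, fmt.Errorf("bad key or ciphertext") }
	pt := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(pt, ct[aes.BlockSize:])
	pad := int(pt[len(pt)-1])
	if pad < 1 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) { return nil, fmt.Errorf("bad padding") }
	return pt[:len(pt)-pad], nil
}

// CreateOutput follows Claims 55, 56 and 58: each community named by an element needing encryption
// gets one distinct random symmetric key, wrapped separately under every member's public key with
// RSA-OAEP (label = community name); the key recovery agent must be among those members; each such
// element is then encrypted under its community's key. Plaintext keys never leave this function.
func CreateOutput(elems []Element, communities map[string]map[string]*rsa.PublicKey, agent string) ([]Element, map[string]*KeyClass, error) {
	classes, keys, out := map[string]*KeyClass{}, map[string][]byte{}, make([]Element, len(elems))
	for i, e := range elems {
		out[i] = e
		if e.Community == "" { continue }
		if _, done := classes[e.Community]; !done {
			kc := &KeyClass{Community: e.Community, Algorithm: "AES-CBC", KeyBits: 256, Wrapped: map[string][]byte{}}
			key := make([]byte, kc.KeyBits/8)
			if _, err := rand.Read(key); err != nil { return nil, nil, err }
			for member, pub := range communities[e.Community] {
				w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(e.Community))
				if err != nil { return nil, nil, err }
				kc.Wrapped[member] = w
			}
			if kc.Wrapped[agent] == nil { return nil, nil, fmt.Errorf("key recovery agent %q is not a member of %q", agent, e.Community) }
			classes[e.Community], keys[e.Community] = kc, key
		}
		ct, err := cbcEncrypt(keys[e.Community], e.Value)
		if err != nil { return nil, nil, err }
		out[i].Value = ct
	}
	return out, classes, nil
}

// RecoverAll follows Claims 59 and 60: the named member (normally the key recovery agent) unwraps
// its own version of every community key with its private key, then decrypts every encrypted
// element. A member missing from some community fails here: no version of that key exists for them.
func RecoverAll(elems []Element, classes map[string]*KeyClass, member string, priv *rsa.PrivateKey) ([]Element, error) {
	keys, out := map[string][]byte{}, make([]Element, len(elems))
	for name, kc := range classes {
		w, ok := kc.Wrapped[member]
		if !ok { return nil, fmt.Errorf("no version of the %q key exists for %q", name, member) }
		k, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, []byte(name))
		if err != nil { return nil, err }
		keys[name] = k
	}
	for i, e := range elems {
		out[i] = e
		if e.Community == "" { continue }
		pt, err := cbcDecrypt(keys[e.Community], e.Value)
		if err != nil { return nil, err }
		out[i].Value = pt
	}
	return out, nil
}
```

The membership check in CreateOutput is the security-relevant step: a document whose recovery agent is absent from even one community could never be fully recovered, which is exactly the condition Claim 55 rules out at creation time. RecoverAll refuses any caller for whom some key class holds no wrapped version, so an ordinary member of one community cannot read elements of another, while the agent, wrapped into every key class, can decrypt the whole document.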

Claim 61 (original): The method according to Claim 43, wherein said DTD is replaced by a schema.



Claim 62 (currently amended): The method according to Claim 43, wherein Claim 52, wherein said encryption requirement further comprises specification of an encryption key length.

Claim 63 (original): The method according to Claim 51, wherein said inserted encryption tags may surround either values of said elements or values and tags of said elements.